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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 15 March 2005 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-86 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-86 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 30 April 2001 is/are: a)D accepted or b)S objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

1 3) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

a)0 All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

1 4) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 1 9(e) (to a provisional application). 

a) D The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment(s) 

1 ) S Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 

2) □ Notice of DraftspersorVs Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-1 52) 

3) Q Information Disclosure Statement(s) (PTO-1 449) Paper No(s) . 6) □ Other: 
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DETAILED ACTION 

Response to Arguments 
1. In response to communications filed on 3/15/2005, applicant amends claims 18, 35, 50, 
and 68. The following claims 1-86 are presented for examination. 

1.1 In response to communications filed on 3/1 5/2005, the amended to the abstract has been 
considered. Applicant has amended the drawing to change 232 to 252. However, figure 7 
contains the same reference and is not changed. In addition, the added reference 222 points to 
the same element as reference 108 in the amended fig. 6. 

1.2 Applicant's arguments, pages 20-23, filed on 3/15/2005, with respect to the rejection of 
claim 1 have been fully considered, but they are not persuasive. Applicant argues that Orrin does 
not disclose or suggest verifying the authenticity of any browser components". Examiner 
respectfully disagrees. The claim recites ". . .verifying the authenticity of one or more 
components running in, an environment of the browser of the second computer". Orrin discloses 
a signature that has all the following properties as described on page 2, paragraphs 30-3 1 
including "verifying authenticity of a component running in, an environment of the browser" as 
claimed. Orrin further discloses Internet browsers have signature functions. . . paragraph 39; 
digital signature may be computed by computing hash value from signed content and assignment 
component. . . paragraph 34. Regarding claim 18 applicant states that Shear discloses verifying 
the trustworthiness of load module and signature ... whereas the method of claim 18 verifies a 
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digital signal by verifying the trustworthiness of the browser that generates the digital signature 
(not claimed). Examiner disagrees because the load module disclosed by Shear meets the 
limitation of a browser. In addition, verifying the trustworthiness of appliance or processing 
environment or load module that generate digital signature is also disclosed in several 
embodiments and not limited to for example (column 13, lines 35-46). Applicant has amended 
claims 18 and 35 to further limit the claimed invention. However the limitation is considered as 
new matter as discussed below and the limitation has not overcome the rejection. The rejection 
of other claims not challenged by applicant in the previous action still applies in this office 
action. Examiner maintains the rejection in view of the same references. 

Claim Objections 

2. Claim 27 is objected to because of the following informalities: "first point in bane". 
Appropriate correction is required. 

Claim 24 is also objected to because of the following informalities: "the 30 determining 
step...). Claim 53 also has a number 10. Appropriate correction is required. 

Drawings 

3. Figure 1 is objected to as failing to comply with 37 CFR 1.84(p)(4) because reference 
characters "108" and "222" have both been used to designate the same element. Appropriate 
correction is required. 

Figure 7 is objected because there is a lack of consistency with the other drawings with 
reference 232/252. Appropriate correction is required. 
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Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to 
the Office action to avoid abandonment of the application. Any amended replacement drawing 
sheet should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. Each drawing sheet submitted after the filing date of 
an application must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" 
pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will 
be notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

Claim Rejections - 35 USC §112 
4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to enable any 
person skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and use the same and shall set forth the best mode contemplated by the inventor of carrying out 
his invention. 

4. 1 Claims 18 and 35 and the intervening claims are rejected under 35 U.S.C. 112, first 
paragraph, as failing to comply with the written description requirement. The claim contains 
subject matter, which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. The specification fails to describe the step of creating 
comparing and verifying a first set of hashes comprising a hash of the browser at a first point in 
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time, and a plurality of hashes corresponding to a plurality of browser components with a second 
set of hashes comprising a hash of the browser at a first point in time, and a plurality of hashes 
corresponding to a plurality of browser components. The original claims were referring to 
browser as browser components. 

Claim Rejections - 35 USC §101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

Claims 1, 18, 35, 50, and 68 are rejected under 35 U.S.C. 101 because the claimed 

invention is directed to non- statutory subject matter. For example the method of verifying 

comprising the steps of transmitting . . . authenticating. . . is not tangibly embodied in a manner to 

make it executable nor the claim limitation is a functional descriptive material; the preamble and 

the steps are just abstract ideas. The system claims are also directed to non-statutory subject 

matter because even though some of the operation or the intent of the execution includes 

hardware the system itself does not include hardware. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
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international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

6.1 Claims 1-17 are rejected under 35 U.S.C. 102(e) as being anticipated by US Patent 
Publication US2002/0 128940 to Orrin et al.. 

6.2 As per claim 1, Orrin et al. discloses a method of verifying the trustworthiness of a 
browser, comprising: transmitting an electronic document requiring signature from a first user 
computer to a second user computer; electronically signing the electronic document at the second 
user computer to create a first digital signature, for example (see pages 3-4, paragraphs 0038- 
0043); including as an attribute of the first digital signature a second digital signature, the second 
digital signature verifying the authenticity of one or more components running in an environment 
of the browser on the second user computer, for example (see pages 3-4, paragraphs 0038-0043 
see also page 7); transmitting the signed electronic document from the second user computer to 
the first user computer, for example (see pages 3-4, paragraphs 0038-0043); authenticating the 
second digital signature, for example (see pages 3-4, paragraphs 0038-0043). 
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As per claim 2, Orrin et al. discloses the limitation of further comprising determining 
whether the entity that executed the second digital signature is authorized to certify the 
trustworthiness of the one or more components, for example (see pages 3-4, paragraphs 0038- 
0043). 

As per claims 3 and 4, Orrin et al. discloses the limitation of wherein the attribute is a 
signed attribute and an authenticated attribute, for example (see pages 3-4, paragraphs 0038- 
0043). 

As per claims 5 and 6, Orrin et al. discloses the limitation of wherein the authenticating 
comprises.verifying the authenticity of the second digital signature and wherein the authenticity 
of the second digital signature is verified using a digital certificate, for example (see pages 3-4, 
paragraphs 0038-0043). 

As per claim 7, Orrin et al. discloses the limitation of wherein the authenticating 
comprises comparing a hash of the one or more components running in the browser environment 
included in the second digital signature to a known-good hash of the one or more components 
running in the browser environment, for example (see page 5, paragraph 0052). Orrin et ah 
discloses the parties using a web browser, for example (see page 2, 0023). 
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As per claim 8, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by the first user computer, for example (see pages 3-4, paragraphs 0038-0043). 



As per claim 9, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by a computer maintained by a participant, for example (see page 6, paragraph 0070). 

As per claim 10, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by an independent entity that is not a participant, for example (see page 7, paragraph 
0089). 



As per claim 11, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by the second user computer, for example (see pages 3-4, paragraphs 0038-0043). 

As per claim 12, Orrin et al. discloses that unsigned content can be included in the 
signature that meets the limitation of wherein an unsigned component running in the browser 
environment of the second user computer is included as an attribute of the first digital signature, 
for example (see page 7, paragraphs 0079-0083). 



As per claim 15, Orrin et al. discloses the limitation of wherein a hash of one or more 
signed browser components running on the second user computer is included as an attribute of 
the first digital signature, for example (see pages 3-4, paragraphs 0038-0043). 
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As per claims 13, 16-17, Orrin et al. discloses storing and transferring content on 
computers comprising of RAM and non- volatile memory, for example (see pages 3-4, 
paragraphs 0038-0043). 

7. Claims 18-49 are rejected under 35 U.S.C. 102(e) as being anticipated by US Patent 
6,292,569 to Shear et ah (Applicant EDS) in view of US Patent 5,958,051 to Renaud et al. 

As per claims 18, 26, and 41, Shear et al. discloses a method of verifying the 
trustworthiness of a browser comprising: discloses creating set of digital signatures 
corresponding to a plurality of browser or appliance or protected environment modules at a first 
point in time (see column 18, line 54 through column 19, line 5 column 8, lines 15-42 and 
column 13, lines 7 and seq.) that meets the recitation of creating a first set of hashes, the first set 
of hashes comprising a hash of the browser at a first point in time, and a plurality of hashes 
corresponding to a plurality of browser components at the first point in time wherein the first set 
of hashes being a known good set of hashes, for example (see column 10, line 55 through 
column 11, line 21; column 12, linesl6-55; see abstract); determining the status of the browser 
running on a computer at a second point in time (column 10, lines 34-55 and column 12, lines 
16-55) and discloses creating and verifying the components any time they are presented to 
another participant that meets the recitation of creating a second set of hashes, the second set of 
hashes comprising a hash of the browser at a second point in time and a plurality of hashes 
corresponding to a plurality of browser components at the second point in time (column 4, lines 
29-45 column 10, lines 34-55 and column 12, lines 16-55; see also column 21, lines 1-26) 
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verifying the second set of hashes to ensure that each hash was created by a trusted source (see 
abstract and column 4, lines 29-45) and discloses verifying the digital signatures of the load 
modules to determine the trustworthiness of the processing environment that meets the recitation 
of comparing the first set of hashes to the second set of hashes to determine the trustworthiness 
of the processing environment (column 12, , lines 16-55). Shear et al discloses another 
embodiment with different authorities creating and verifying by matching set of hashes at 
subsequent point in time to determine the trustworthiness of the processing environment (column 
18, line 22 through column 19, line 5 see also claims). 

Claims 19-23 disclose similar limitations discussed in claim 18 above. Shear et al 
discloses also discloses that the status is unknown if it is determined that a hash was created or 
not by a trusted source (column 18, line 22 through column 19, line 5 see also claims). 

Therefore they are rejected on the same rationale as the rejection of claim 18. 

As per claims 24-25, Shear et al. discloses the limitation of wherein the first set of 
hashes is maintained by a trusted entity, and further comprising the steps of receiving from a 
requestor a. request to determine the trustworthiness of the browser, the request including the 
second set: of hashes; generating a report about the status of the browser based on a result of the 
determining step; and transmitting the report to the requestor, for example (see column 10, line 
34 through column 11, line 21; column 18, line 22 through column 19, line 5 see also claims; see 
abstract). Schneier also discloses this limitation as prior art as cited by Shear et al. at the end of 
column 10. 
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As per claims 27-30, Shear et ah discloses similar limitations including the step of 
determining and verifying hashes by a trusted source as discussed in claim 18. Therefore they 
are rejected on the same rationale as the rejection of claim 18 and 24. 

As per claims 31-34, Shear et al. discloses different participants in a financial 
transaction that meets the recitation buyer and seller. Shear et al. further suggests using the 
invention for on-line financial transaction. Therefore they are rejected on the same rationale as 
the rejection of claim 24. 

Claims 35-40 and 42-49 are similar to the rejected claims 18-34 except for incorporating 
the claimed method into a system. Therefore, claims 35-49 are rejected on the same rationale as 
the rejection of claims 18-34. 

Claim Rejections - 35 USC §103 
6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 



Application/Control Number: 09/845,221 Page 12 

Art Unit: 2136 

which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

6. 1 Claims 50-86 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
6,292,569 to Shear et al. (Applicant IDS). 

6.2 As per claim 50, claim 50 recites similar limitations as claims 18 and 24 except for 
incorporating multiple parties. Shear et al. substantially teaches the claimed limitations of 18 
and 24 as mentioned above and further teaches financial transaction involving multiple parties, 
for example (see column 10, lines 33 et seq.) including trusted verifier customers and 
participants. Ginter et al. (for example in column 4, lines 25 et seq.) as mentioned by Shear et 
aL also provides more detailed examples of financial transactions involving multiple parties. 
Therefore it would have been obvious to one with ordinary skill in the art at the time the 
invention was made to modify Shear et al.'s inventive concept to provide the steps performed by 
each participant. This modification would have been obvious because one skilled in the art 
would have been motivated by the suggestions provided by Shear et al who states that the 
invention can be implemented into a financial transaction with a verifying authority verifying the 
browser components of other parties, for example (see abstract and column 10, lines 33 et seq.) 

Claims 51-59 recite the same limitations as the rejected claims 18-34. Therefore, claims 
35-49 are rejected on the same rationale as the rejection of claims 18-34. 
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As per claims 60-67, Shear et al discloses establishing set of rules (column 15,lines 33- 
40) and the option of modifying the structure and function of participants and verifying 
authority, for example (see column 10, lines 33 et seq.). 

Claims 68-86 are similar to the rejected claims 50-67 except for incorporating the 
claimed method into a system. Therefore, claims 68-86 are rejected on the same rationale as the 
rejection of claims 50-67. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1. 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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7. 1 The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure as the art discloses security system involving multiple party transactions. 

US Patent Publications: US 2002/0124172 Manahan; US 2002/0095579 Yoshiura et al. 
US Patents 6,105,012 Chang et al ; 5,958051 Renaud et al ; 6,157,917 Barber. 

7.2 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http:// pair-direct.u spto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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